domain_database_search

Differences

This shows you the differences between two versions of the page.

domain_database_search [2022/09/17 11:41]
kaduuwikiadmin
domain_database_search [2024/03/11 15:06] (current)
kaduuwikiadmin
Line 1: Line 1:
- 
 ====== Domain Database Search ====== ====== Domain Database Search ======
  
-You can search in Kaduu database similar domain names. You can investigate the results with various tools. +===== What is the threat? ===== 
-The database is **updated daily** using domain registration feeds.+When cyber criminals conduct attacks like phishing or business email compromise (BEC) against employees, they usually spoof (replicate with variation) the domain of the target organization. The idea is to build trust and lure the employees into providing credentials or downloading malware. As the original domain is already taken, the hacker reserves domains with slight variations of the original domain name. As an example, the original domain “industryservices.com” could be turned into “indusrtyservices.com” (letter swap), “industryserv1ces.com” (letter replacement), “industry–services.com” (additional characters), “industry.services” (different TLD), etc. 
 + 
 +===== How can Kaduu assist in mitigating this threat? ===== 
 +We monitor all new domain registrations (ccTLDs, gTLDs, uTLD, sTLD). In doing so, we also record typical typo squatting techniques as mentioned above. A newly registered domain that has some similarities to the client’s domain will create an alert in Kaduu. Additionally, we monitor all [[certificate_monitoring|SSL certificate logs]] since many phishing websites are secured with SSL certificates to spoof the legitimate client’s name. By monitoring the certificate transparency logs that are available online, you can detect if your organization’s name gets spoofed on SSL certificates – even in the subdomain part of the domain. 
 + 
 +You can now search via dashboard or [[api|API]] in Kaduu'database for similar domain names and setup [[creating_alerts_based_on_your_search|alerts]]With the various built-in tools   (Screenshot creation, Portscan, Geolocation etc.) you can investigate the findings in Kaduu. 
 + 
 +===== How up to date is the data? ===== 
 +The database is **updated daily** using domain registration feeds. Not all domain types are processed in real time in the feeds, as there is no obligation for the domain providers to report TLD's registration to a central authority. Especially the country top level domains (ccTLD) are only recorded with a time delay (sometimes up to 2 weeks) and it can happen that domains are not included in the alerting in real-time.
  
 ===== How can you access the domain search? ===== ===== How can you access the domain search? =====
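Review bot: In the added threat paragraph, the "additional characters" example “industry–services.com” is written with an en dash, which cannot appear in a registered domain label (only letters, digits and the ASCII hyphen are allowed), so the look-alike as shown could not be registered. If an inserted or doubled hyphen was meant, write it with ASCII hyphens. In the same hunk, "in Kaduu'database" and "alerts]]With" have lost characters, and the freshness paragraph says "updated daily" and then "not ... processed in real time" with ccTLD delays of up to 2 weeks. State once how late an alert can arrive for a ccTLD registration so readers do not assume daily coverage for every TLD.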
Line 49: Line 56:
 | Domain contains "kaduu": Creates +40 results | {{::search_that_contains_domain.png?400|}} | | Domain contains "kaduu": Creates +40 results | {{::search_that_contains_domain.png?400|}} |
 | Domain is similar to "kaduu.ch": Creates only 7 results | {{::search_with_distance2.png?400|}} | | Domain is similar to "kaduu.ch": Creates only 7 results | {{::search_with_distance2.png?400|}} |
 +| Domain contains "kad" and "uu" in this order: Creates 202 results | {{::domain_n.png?400|}} |
 +| Domain contains "kad" and "uu" and must be .com: Creates 87 results | {{::domain_n2.png?400|}} |
 +
  
  
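Review bot: The two added table rows describe the query only in words ("contains "kad" and "uu" in this order", "must be .com") and never show the literal search string, so a reader cannot reproduce them. Put the exact pattern typed into the search field in the row, as the wildcard table further down does with "*service*best*". The fixed result counts (202, 87) will also drift, since the page says the database is updated daily. Mark them as counts at the time of writing, or drop them.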
Line 58: Line 68:
 | *service*best* |  {{::domain-s-2.png?800|}}| | *service*best* |  {{::domain-s-2.png?800|}}|
  
 +===== Domain Alerts =====
 +
 +  * Track new results for the search: Use your exact search type to find new DB entries
 +  * Track changes: Tracks changes in the WHOIS, Ports & DNS Changes for the specific domain
 +  * Track similar domains: Uses ~1 domains with a Levenshtein distance of 1 (up to 1 typo) to your domain
  
 ===== How can you analyze the results? ===== ===== How can you analyze the results? =====
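Review bot: In the "Track similar domains" bullet, "Uses ~1 domains" reads like leftover search syntax and is not explained. Say what "~1" means or remove it. A Levenshtein distance of 1 also does not cover every variant listed in the new threat section: the letter swap "indusrtyservices.com" is two edits under plain Levenshtein, and the TLD change "industry.services" is far more. Document whether a transposition counts as one edit, and point readers to the "Track new results for the search" option for variants that the distance-1 alert will miss.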
Line 63: Line 78:
 You can select one or multiple search results and then analyze the different data sources like ports, WHOIS etc. You can select one or multiple search results and then analyze the different data sources like ports, WHOIS etc.
  
-{{::domain_getdata1.png?600|}}+{{::domain_getdata1.png?900|}}
  
 The analysis can take severeal minutes for a few domains. If you select more than 10 domains at ones, you might get a timeout. The results can then be exported or reviewed on the dashboard. Here an example how the analysis can be reviewed on the dashboard by clicking on the according domain name: The analysis can take severeal minutes for a few domains. If you select more than 10 domains at ones, you might get a timeout. The results can then be exported or reviewed on the dashboard. Here an example how the analysis can be reviewed on the dashboard by clicking on the according domain name:
  
-{{::domain_analyisis_results.png?600|}}+{{::domain_analyisis_results.png?900|}}
  
 If you create an export, you will have the same information in the format you selected under the navigation item "my  exports": If you create an export, you will have the same information in the format you selected under the navigation item "my  exports":
  
-{{::exports.png?600|}}+{{::exports.png?900|}}
  
 Here an example of a word file export: Here an example of a word file export:
  
-{{::export_word.png?600|}}+{{::export_word.png?900|}}
  
 ===== Special Search: Typo-squatted domains ===== ===== Special Search: Typo-squatted domains =====
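Review bot: This hunk only widens the images from 600 to 900, but the unchanged paragraph between them still reads "severeal minutes" and "more than 10 domains at ones". Fix both while this section is being edited ("several", "at once"). The timeout sentence would also be more useful if it told the user what to do, for example to run the analysis in batches of 10 or fewer.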
Line 84: Line 99:
  
  
-{{::typocheck.png?800|}}+{{::typocheck.png?900|}}
  
  
domain_database_search.1663407675.txt.gz · Last modified: 2023/05/22 20:40 (external edit)